Vulnerability CVE-2022-31629

Vulnerability Name:

CVE-2022-31629 (CCN-237534)

Assigned:

2022-09-28

Published:

2022-09-28

Updated:

2023-01-20

Summary:

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

5.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.5 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:S/C:N/I:C/A:N)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): None

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2022-31629

Source: CCN
Type: PHP Sec Bug #81727
PHP

Source: security@php.net
Type: Exploit, Permissions Required, Vendor Advisory
security@php.net

Source: XF
Type: UNKNOWN
php-cve202231629-csrf(237534)

Source: security@php.net
Type: Mailing List, Third Party Advisory
security@php.net

Source: security@php.net
Type: Mailing List, Third Party Advisory
security@php.net

Source: security@php.net
Type: Mailing List, Third Party Advisory
security@php.net

Source: security@php.net
Type: Mailing List, Third Party Advisory
security@php.net

Source: security@php.net
Type: Third Party Advisory
security@php.net

Source: security@php.net
Type: Third Party Advisory
security@php.net

Source: security@php.net
Type: Third Party Advisory
security@php.net

Source: CCN
Type: PHP Web site
PHP

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8075	P	apache2-mod_php7-7.4.33-150400.4.22.1 on GA media (Moderate)	2023-06-12
oval:com.redhat.rhsa:def:20230965	P	RHSA-2023:0965: php security update (Moderate)	2023-02-28
oval:com.redhat.rhsa:def:20230848	P	RHSA-2023:0848: php:8.0 security update (Moderate)	2023-02-21
oval:org.opensuse.security:def:644	P	Security update for php7 (Moderate) (in QA)	2022-10-04
oval:org.opensuse.security:def:645	P	Security update for php7 (Moderate) (in QA)	2022-10-04
oval:org.opensuse.security:def:646	P	Security update for php7 (Moderate) (in QA)	2022-10-04
oval:org.opensuse.security:def:619	P	Security update for php8 (Important) (in QA)	2022-10-03

BACK